diff --git a/vpnerator.sh b/vpnerator.sh
index ff7a472..648eaf3 100755
--- a/vpnerator.sh
+++ b/vpnerator.sh
@@ -13,7 +13,6 @@ INTERFACE_NAME=tun-${RAND}
 SERVER_ADDR=10.99.255.1/24
 CLIENT_ADDR=10.99.255.2/32
 DNS=8.8.8.8
-#INTERFACE_NAME=${INTERFACE_PFX}-${RAND}
 echo "Generating keys..."
 SERVER_KEY=$(wg genkey)
 
@@ -84,88 +83,81 @@ cleanup() {
 END
 )
 
-echo
-echo "Starting server..."
-ssh -T ${HOST} /bin/bash << END
-# include SERVER_LIB
-${SERVER_LIB}
+setup_server() {
+ echo "Starting server..."
+ ssh -T ${HOST} /bin/bash <<- END
+ # include SERVER_LIB
+ ${SERVER_LIB}
 
-# Check/install depends
-deps || exit 1
+ # Check/install depends
+ deps || exit 1
 
-# Cleanup previous tunnel
-cleanup
-if [ "\$?" -eq 2 ] ; then
- echo "$SERVER_ADDR is already being used on the server."
- echo "Please choose another address."
- exit 1
-fi
+ # Cleanup previous tunnel
+ cleanup
+ if [ "\$?" -eq 2 ] ; then
+ echo "$SERVER_ADDR is already being used on the server."
+ echo "Please choose another address."
+ exit 1
+ fi
 
-umask 0177
-TMP=\$(mktemp)
-cat << EOF > \${TMP}
-[Interface]
-ListenPort = 51820
-PrivateKey = ${SERVER_KEY}
+ umask 0177
+ TMP=\$(mktemp)
+ cat << EOF > \${TMP}
+ [Interface]
+ ListenPort = 51820
+ PrivateKey = ${SERVER_KEY}
 
-[Peer]
-# foo
-PublicKey = ${CLIENT_PUB}
-PresharedKey = ${PSK}
-AllowedIPs = ${CLIENT_ADDR}
-EOF
+ [Peer]
+ # foo
+ PublicKey = ${CLIENT_PUB}
+ PresharedKey = ${PSK}
+ AllowedIPs = ${CLIENT_ADDR}
+ EOF
 
-exec_sudo ip link add "${INTERFACE_NAME}" type wireguard
-exec_sudo wg setconf "${INTERFACE_NAME}" "\${TMP}"
-rm "\${TMP}"
+ exec_sudo ip link add "${INTERFACE_NAME}" type wireguard
+ exec_sudo wg setconf "${INTERFACE_NAME}" "\${TMP}"
+ rm "\${TMP}"
 
-exec_sudo ip addr add "${SERVER_ADDR}" dev "${INTERFACE_NAME}"
-exec_sudo ip link set mtu 1420 up dev "${INTERFACE_NAME}"
+ exec_sudo ip addr add "${SERVER_ADDR}" dev "${INTERFACE_NAME}"
+ exec_sudo ip link set mtu 1420 up dev "${INTERFACE_NAME}"
 
-exec_sudo iptables -A FORWARD -i "${INTERFACE_NAME}" -j ACCEPT
-exec_sudo iptables -A FORWARD -o "${INTERFACE_NAME}" -j ACCEPT
-exec_sudo iptables -t nat -A POSTROUTING -s "${CLIENT_ADDR}" -o "\${DEFAULT_IFACE}" -j MASQUERADE
+ exec_sudo iptables -A FORWARD -i "${INTERFACE_NAME}" -j ACCEPT
+ exec_sudo iptables -A FORWARD -o "${INTERFACE_NAME}" -j ACCEPT
+ exec_sudo iptables -t nat -A POSTROUTING -s "${CLIENT_ADDR}" -o "\${DEFAULT_IFACE}" -j MASQUERADE
 
-enable_forwarding
+ enable_forwarding
 
-echo
-sudo wg show "$INTERFACE_NAME"
-END
+ echo
+ sudo wg show "$INTERFACE_NAME"
+ END
+}
 
-if [ "$?" -ne 0 ]; then
- echo "Error starting server, aborting."
- exit 1
-fi
+setup_client() {
+ umask 0177
+ FILE="/tmp/${INTERFACE_NAME}.conf"
+ cat <<- CONF > "${FILE}"
+ [Interface]
+ Address = ${CLIENT_ADDR}
+ PrivateKey = ${CLIENT_KEY}
+ DNS = ${DNS}
 
-umask 0177
-FILE="/tmp/${INTERFACE_NAME}.conf"
-cat << CONF > "${FILE}"
-[Interface]
-Address = ${CLIENT_ADDR}
-PrivateKey = ${CLIENT_KEY}
-DNS = ${DNS}
+ [Peer]
+ PublicKey = ${SERVER_PUB}
+ PresharedKey = ${PSK}
+ Endpoint = ${HOST_ADDR}:51820
+ AllowedIPs = 0.0.0.0/0, ::/0
+ CONF
 
-[Peer]
-PublicKey = ${SERVER_PUB}
-PresharedKey = ${PSK}
-Endpoint = ${HOST_ADDR}:51820
-AllowedIPs = 0.0.0.0/0, ::/0
-CONF
+ echo "Starting client..."
+ sudo wg-quick up "${FILE}"
+ RESULT=$?
 
-echo
-echo "Starting client..."
-sudo wg-quick up "${FILE}"
+ sleep 1
+ echo
+ sudo wg show "${INTERFACE_NAME}"
 
-sleep 1
-echo
-sudo wg show "${INTERFACE_NAME}"
-echo
-echo "Connected! SIGINT or Enter to disconnect and stop server."
-
-# clear sensitive variables from memory
-PSK=
-CLIENT_KEY=
-SERVER_KEY=
+ return $RESULT
+}
 
 cleanup() {
 set -e
@@ -188,6 +180,20 @@ cleanup() {
 exit
 }
 
+clear_env() {
+ # clear sensitive variables from memory
+ unset PSK
+ unset CLIENT_KEY
+ unset SERVER_KEY
+}
+
+echo
+setup_server || { echo "Error starting server, aborting."; exit 1; }
+echo
+setup_client || { echo "Error starting client, cleaning up..."; cleanup; exit 1; }
+clear_env
+echo -e "\nConnected! SIGINT or Enter to disconnect and stop server."
+
 trap cleanup INT TERM
 read var
 cleanup
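Review bot: `setup_server`'s exit status is whatever the remote `/bin/bash` returns, which is the status of its last command, `sudo wg show "$INTERFACE_NAME"`, so a failing `exec_sudo iptables ...` or `enable_forwarding` earlier in the heredoc is only reported if `SERVER_LIB` or `exec_sudo` abort on error, and neither is visible here. Because the `cleanup` status is inspected with `\$?` and must not abort early, the simplest guard is a `set -e` line right after that check's `fi`, before `umask 0177`, so the server-side `ip`/`wg`/`iptables` steps fail the function the way the caller expects. In `setup_client`, `RESULT` is only read inside the function and should be `local RESULT`, and the `sleep 1`/`sudo wg show` pair still runs when `wg-quick up` failed, printing a second error before the caller's message; `[ "$RESULT" -eq 0 ] || return "$RESULT"` before `sleep 1` avoids that. `${HOST}` on the `ssh` line is the one unquoted expansion in the hunk; `"${HOST}"` matches the rest.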
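Review bot: The `exit 1` after `cleanup` in `setup_client || { ...; cleanup; exit 1; }` is never reached, because `cleanup` ends with a bare `exit` (the context at the top of this hunk), so a failed client start exits with the status of whatever `cleanup` ran last, likely 0; the same bare `exit` decides the status on the `read var`/`cleanup` path too. Letting cleanup take an optional status fixes both: `exit "${1:-0}"` as cleanup's last line and `setup_client || { echo "Error starting client, cleaning up..."; cleanup 1; }` here. `clear_env` unsets the three variables only after `setup_client` has written `CLIENT_KEY` and `PSK` into `/tmp/${INTERFACE_NAME}.conf`, so the comment `# clear sensitive variables from memory` would be more accurate as `# drop key material from the shell environment; the client config in $FILE still holds CLIENT_KEY and PSK until it is removed`. `echo -e "\n..."` depends on bash's echo; `printf '\nConnected! SIGINT or Enter to disconnect and stop server.\n'` is portable. Most of `cleanup`'s body lies outside this hunk.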